DC SCIENTISTS ADMIT CYBERSECURITY CAN’T BE SOLVED – “The relevant policy question is not how the cybersecurity problem can be solved, but how it can be made manageable,” concludes the National Academies of Science in a book for lay readers, according to a press statement. The NAS says the book outlines the basic facts about modern computer networking and its vulnerabilities, and discusses the trade-offs inherent in some policy approaches.

“At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues,” is available here: http://bit.ly/1fP3MaG.

SECOND LOOK @ OMB’s FISMA SCORECARD – Most agencies don’t require staff to use their smart-chip ID cards when they log on to secure networks via VPN, the White House bean-counters found in their annual report [http://1.usa.gov/1fP3UXH] on the implementation of FISMA. Nearly every federal employee carries a so-called “Personal Identity Verification” or PIV badge, but during FY2013, only six agencies – GSA, OPM, DoD, HHS, Interior and the Social Security Administration – required their use for secure remote login for more than half their employees.

U.S. agencies reported an average of 166 cybersecurity or data breach incidents to U.S.-CERT every single day during FY2013 – although the actual number of serious cyberattacks is a much smaller subset of that number. Some of the incidents counted this way in the report involve old-fashioned non-digital information.

OMB ANNUAL FISMA SCORECARD PART TWO – Six agencies earned an “A” in FISMA compliance during FY2013, the agency found. Auditors from the departments of Homeland Security, Justice and the GSA, NRC, NASA and the Social Security Administration all gave their agencies a compliance score of at least 90 percent. Failures among the 24 largest federal agencies (not including the Defense Department, whose compliance status is listed as “N/A”) include the departments of Transportation, State, Agriculture, HHS, HUD and the Small Business Administration.

Many have cast doubt over the utility of FISMA compliance scores as a measure of actual security, however, and OMB has pushed for agency cybersecurity programs to be less reliant on the selection and implementation of controls.

HOUSE PANEL TURF WAR SMACKDOWN LOOMS – Two powerful House committee chairmen are marking up rival bills dealing with NSA domestic snooping this week, Pro Tech’s Tony Romm reports. House Judiciary Committee Chairman Bob Goodlatte has scheduled a markup of the USA FREEDOM Act for Wednesday.

The measure, introduced last October by Republican Rep. Jim Sensenbrenner and backed by more than 100 co-sponsors, would end the NSA’s bulk collection of domestic phone metadata under Section 215 of the PATRIOT Act. It has a companion bill in the Senate from Judiciary Chairman Patrick Leahy, a Democrat.

But on Thursday, House Intelligence Committee leaders Mike Rogers and Dutch Ruppersberger will lead a closed-door markup [http://politico.pro/1iXYBzy] of their own FISA Transparency and Modernization Act, setting up a possible showdown between the two committees.

Both measures would require phone companies, rather than the NSA, to collect and store the call data. Many privacy advocates prefer the judiciary bill because it requires officials to get a court order before accessing the records.

Watch this space and follow @PoliticoPro as developments unfold Tuesday, when both committees – and the House leadership – are likely to be briefing reporters.

FIVE TAKEAWAYS FROM TARGET TURMOIL – Clue: One of them is not that the C-Suite can go on ignoring cybersecurity. Jessica Meyers has the low-down on “five things to know about the corporate shakeup, Washington’s role in it and what to expect next.” For Pros: http://politico.pro/1kS4Yce

And, for a take that pushes back on the conventional “he had it coming” wisdom, check out Bloomberg’s Megan McArdle: http://bv.ms/1g4QCkn

ON THE MOVE – The International Information Systems Security Certification Consortium, Inc., (ISC)², has a new director of government affairs. Dan Waddell, who was previously cybersecurity solution lead for Grant Thornton’s Global Public Sector Practice, “has over 20 years of experience in information technology, information assurance, and cybersecurity and has overseen multi-million dollar contracts for cabinet-level departments including Defense, State, Commerce, Transportation, Treasury, Health and Human Services, and Homeland Security,” says the blurb [http://bit.ly/1j6UEhh]. Welcome aboard, Dan.

QUICK BYTES

Japanese and European Union leaders will agree at a summit in Brussels Wednesday to boost cybersecurity cooperation in the face of mounting threats from China and North Korea, according to a leaked draft of the final communique. Japan Times: http://bit.ly/Q9pmu2

Las Vegas casino company Affinity Gaming says its credit card payment system was hacked – the second compromise it has suffered in six months. AP via The Reno Gazette-Journal: http://on.rgj.com/1imh4WO

FOR YOUR CALENDAR

8:30 a.m. The George Washington University Law School holds a Law Symposium on Intellectual Property at GWU Law School, 2000 H Street NW, Washington, D.C. Nathan Kelley, deputy general counsel for intellectual property law and solicitor for the Patent and Trademark Office, delivers keynote remarks at 8:45.